[Secure-testing-commits] r43324 - data/CVE

security tracker role sectracker at moszumanska.debian.org
Wed Jul 20 21:10:11 UTC 2016


Author: sectracker
Date: 2016-07-20 21:10:11 +0000 (Wed, 20 Jul 2016)
New Revision: 43324

Modified:
   data/CVE/list
Log:
automatic update

Modified: data/CVE/list
===================================================================
--- data/CVE/list	2016-07-20 21:09:58 UTC (rev 43323)
+++ data/CVE/list	2016-07-20 21:10:11 UTC (rev 43324)
@@ -1,3 +1,7 @@
+CVE-2016-6249
+	RESERVED
+CVE-2016-1000030
+	RESERVED
 CVE-2016-XXXX [insecure default PATH]
 	- dietlibc 0.34~cvs20160606-2
 	NOTE: http://news.gmane.org/find-root.php?message_id=alpine.DEB.2.20.1607181048300.24083%40tglase.lan.tarent.de
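Review bot: the two ids added at the top of this hunk are not in the descending order the later hunks show (5656, 5655, 5654, ...), since CVE-2016-1000030 is placed below CVE-2016-6249. If the list is meant to stay sorted by id, confirm that the automatic update places seven-digit ids where tooling and readers expect them.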
@@ -1742,12 +1746,12 @@
 	RESERVED
 CVE-2016-5656
 	RESERVED
-CVE-2016-5655
-	RESERVED
-CVE-2016-5654
-	RESERVED
-CVE-2016-5653
-	RESERVED
+CVE-2016-5655 (Misys FusionCapital Opics Plus does not verify X.509 certificates from ...)
+	TODO: check
+CVE-2016-5654 (Misys FusionCapital Opics Plus allows remote authenticated users to ...)
+	TODO: check
+CVE-2016-5653 (Multiple SQL injection vulnerabilities in Misys FusionCapital Opics ...)
+	TODO: check
 CVE-2016-5652
 	RESERVED
 CVE-2016-5651
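Review bot: the three `TODO: check` lines added for CVE-2016-5655, CVE-2016-5654 and CVE-2016-5653 leave these entries untriaged. All three descriptions name Misys FusionCapital Opics Plus; if that product is not packaged in Debian, replace each `TODO: check` with a `NOT-FOR-US:` line in the form used for CVE-2016-5080 elsewhere in this list.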
@@ -2390,7 +2394,7 @@
 	RESERVED
 	- libapache2-mod-fcgid <unfixed>
 CVE-2016-5387 (The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 ...)
-	{DSA-3623-1}
+	{DSA-3623-1 DLA-553-1}
 	- apache2 <unfixed>
 	NOTE: https://www.apache.org/security/asf-httpoxy-response.txt
 CVE-2016-5386 (The net/http package in Go through 1.6 does not attempt to address RFC ...)
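Review bot: the `{DSA-3623-1 DLA-553-1}` line now records two advisories for CVE-2016-5387 while the package line under it still reads `- apache2 <unfixed>`. Once a fixed upload exists, that line should carry the fixed version so the entry does not keep reporting apache2 as open; the same applies to the `libapache2-mod-fcgid <unfixed>` line in the context above.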
@@ -3687,8 +3691,7 @@
 	RESERVED
 CVE-2016-5081
 	RESERVED
-CVE-2016-5080
-	RESERVED
+CVE-2016-5080 (Integer overflow in the rtxMemHeapAlloc function in asn1rt_a.lib in ...)
 	NOT-FOR-US: Objective Systems Inc. ASN1C compiler
 	NOTE: https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
 CVE-2016-5079
@@ -10451,8 +10454,7 @@
 	REJECTED
 CVE-2016-2776
 	RESERVED
-CVE-2016-2775 [A query name which is too long can cause a segmentation fault in lwresd]
-	RESERVED
+CVE-2016-2775 (ISC BIND 9.x before 9.9.9-P2, 9.10.x before 9.10.4-P2, and 9.11.x ...)
 	- bind9 <unfixed> (bug #831796)
 	[jessie] - bind9 <no-dsa> (Minor issue; lwresd not commonly used)
 	NOTE: https://kb.isc.org/article/AA-01393/74/CVE-2016-2775
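Review bot: replacing the bracketed description on CVE-2016-2775 with the truncated upstream text drops the only statement in this entry of what the bug is (a query name which is too long causing a segmentation fault in lwresd). The `[jessie]` no-dsa reasoning refers to lwresd, so consider keeping that detail as a `NOTE:` line.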



